From 04686de59c4ab9b48a316ac0abb5b73afc56c1f8 Mon Sep 17 00:00:00 2001
From: Jannik Beyerstedt
Date: Tue, 12 Nov 2019 21:06:04 +0100
Subject: [PATCH] use more variables instead of hard-coding (fixes #3)
---
README.md | 40 ++++++++++++++++++++---
defaults/main.yml | 5 ++-
files/ddns-namecheap.sh | 6 ----
tasks/borgbackup-Debian-stretch.yml | 10 +++---
tasks/borgbackup-Debian.yml | 10 +++---
tasks/borgbackup.yml | 50 ++++++++++++++---------------
tasks/caddy-setup.yml | 4 +--
tasks/caddyserver.yml | 1 +
tasks/cronmails.yml | 2 +-
tasks/dyndns.yml | 10 +++---
tasks/telegraf.yml | 2 +-
templates/borgbackup.sh | 11 +++----
{files => templates}/caddy.service | 2 +-
{files => templates}/ddns-hosts.sh | 6 ++--
templates/telegraf.conf | 12 +++----
15 files changed, 101 insertions(+), 70 deletions(-)
delete mode 100644 files/ddns-namecheap.sh
rename {files => templates}/caddy.service (88%)
rename {files => templates}/ddns-hosts.sh (88%)
diff --git a/README.md b/README.md
index 6456640..1b29fed 100644
--- a/README.md
+++ b/README.md
@@ -20,15 +20,45 @@ Therefore you can use the same playbook for multiple servers and activate the ne ### Borgbakup If you want to configure borgbackup backups, these variables need to be set: -- `borgbackup_host`: Hostname used by the borgbackup script -- `borgbackup_sub`: Sub-Account ID used by the borgbackup script +- `borgbackup_passphrase`: Passphrase of the borgbackup repo +- `borgbackup_repo`: Repository path (e.g. `ssh://$user@$hostname/$path`) +- `borgbackup_hostname`: Hostname to prefix the snapshots -Attention: You still need to setup the borgbackup repository manually. +Optional configuration: +- `borgbackup_ssh_id`: Path to the used ssh id (default: `/home/{{ ansible_user_id }}/.ssh/id_ed25519`) + +Attention: You still need to setup the borgbackup repository manually. + +### Caddy +Mandatory variable: +- `caddy_email`: Email address to use for getting let's encrypt certificates + +### Cronmails +Mandatory variable: +- `cron_email`: Sender email address used by cron + +### DynDNS +This task and it's configuration files might be quite specific for the [davd/docker-ddns](https://github.com/dprandzioch/docker-ddns) docker container. + +Mandatory variables: +- `ddns_server_domain`: Domain name of the DynDNS server +- `ddns_passphrase`: Passphrase for updating dynDNS entries +- `ddns_domain`: Domain where the host's entries are created as `$hostname.$ddns_domain` ### Telegraf +Mandatory variables: +- `telegraf_server_url`: URL of the influxDB server, e.g. `https://example.com:8086` +- `telegraf_server_user`: Username of the influxDB user +- `telegraf_server_passwd`: Password of the influxDB user + Telegraf is configured with basic host telemetry by default. 
You can add more features, if you like: -- `telegraf_docker`: Set to `true`, if docker telemetry should be collected -- `telegraf_snmp_fra80`: Set to `true`, if SNMP telemetry of the fra80 network should be collected +- `telegraf_docker`: Set to `true`, if docker telemetry should be collected (uses file from `telegraf_docker_file`) +- `telegraf_snmp`: Set to `true`, if SNMP telemetry should be collected (uses file from `telegraf_snmp_file`) +- `telegraf_docker_file`: filename of the docker telegraf config part in `{{role_path}}/templates` (default `telegraf-docker.conf`). +- `telegraf_snmp_file`: filename of the SNMP telegraf config part in `{{role_path}}/templates` (default `telegraf-SNMP.conf`). + +Optional settings: +- `telegraf_interval`: Data sampling interval (default `300s`) Dependencies diff --git a/defaults/main.yml b/defaults/main.yml index 7c6e0cf..a21c573 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,7 +1,10 @@ --- # defaults file for server +borgbackup_ssh_id: "/home/{{ ansible_user_id }}/.ssh/id_ed25519" + +telegraf_interval: "300s" telegraf_docker_file: "telegraf-docker.conf" -telegraf_snmp_fra80_file: "telegraf-SNMP_fra80.conf" +telegraf_snmp_file: "telegraf-SNMP.conf" dockercompose_use_pip: false diff --git a/files/ddns-namecheap.sh b/files/ddns-namecheap.sh deleted file mode 100644 index 5a675f4..0000000 --- a/files/ddns-namecheap.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -passwd='dyndnshosts' -hostname=$(hostname | tr '[:upper:]' '[:lower:]') -domain=jtbx.space - -/usr/bin/curl -4 -s "http://dynamicdns.park-your-domain.com/update?host=$hostname&domain=$domain&password=$passwd" > /dev/null diff --git a/tasks/borgbackup-Debian-stretch.yml b/tasks/borgbackup-Debian-stretch.yml index 56941c6..e6a6c54 100644 --- a/tasks/borgbackup-Debian-stretch.yml +++ b/tasks/borgbackup-Debian-stretch.yml 
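Review bot: The new default `telegraf_snmp_file: "telegraf-SNMP.conf"` names a template that this patch does not appear to add or rename, since the diffstat lists no `telegraf-SNMP*.conf`. Unless that file already exists in `templates/`, a host with `telegraf_snmp: true` and no override would fail when templates/telegraf.conf reaches `{% include telegraf_snmp_file %}`. Either rename the existing SNMP template in the same commit or keep the old file name as the default. It is also worth a comment above `borgbackup_ssh_id` that `ansible_user_id` is the account facts were gathered as, so the default path has to be overridden when that is not the user who owns the key.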
@@ -1,8 +1,9 @@ --- # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Debian Stretch Version # Variables (must be set!): -# - borgbackup_host -# - borgbackup_sub +# - borgbackup_passphrase +# - borgbackup_repo +# - borgbackup_hostname # For Debian Stretch, use a newer package version from backports @@ -30,6 +31,7 @@ update_cache: yes cache_valid_time: 3600 when: - - borgbackup_host is defined - - borgbackup_sub is defined + - borgbackup_passphrase is defined + - borgbackup_repo is defined + - borgbackup_hostname is defined - ansible_distribution_release == 'stretch' diff --git a/tasks/borgbackup-Debian.yml b/tasks/borgbackup-Debian.yml index f3c06fb..ddf0669 100644 --- a/tasks/borgbackup-Debian.yml +++ b/tasks/borgbackup-Debian.yml @@ -1,8 +1,9 @@ --- # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob - Default Debian Version # Variables (must be set!): -# - borgbackup_host -# - borgbackup_sub +# - borgbackup_passhrase +# - borgbackup_repo +# - borgbackup_hostname # For all other Debian versions, simply install borgbackup @@ -12,6 +13,7 @@ name: borgbackup state: present when: - - borgbackup_host is defined - - borgbackup_sub is defined + - borgbackup_passphrase is defined + - borgbackup_repo is defined + - borgbackup_hostname is defined - ansible_distribution_release != 'stretch' diff --git a/tasks/borgbackup.yml b/tasks/borgbackup.yml index bcbbd8a..a695e0f 100644 --- a/tasks/borgbackup.yml +++ b/tasks/borgbackup.yml @@ -1,8 +1,9 @@ --- # Server/Borgbackup: Install and Setup Borgbackup Backup Crobjob # Variables (must be set!): -# - borgbackup_host -# - borgbackup_sub +# - borgbackup_passphrase +# - borgbackup_repo +# - borgbackup_hostname - name: borgbackup - Install include_tasks: "{{ item }}" 
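Review bot: The header comment in tasks/borgbackup-Debian.yml misspells the new variable as `borgbackup_passhrase`, while the `when:` list in the same file tests `borgbackup_passphrase`. An operator who copies the name from the comment gets an undefined variable, and the install is then skipped without an error. The comment line should read `# - borgbackup_passphrase`.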
@@ -22,8 +23,9 @@ group: "{{ ansible_user_id }}" mode: 0775 when: - - borgbackup_host is defined - - borgbackup_sub is defined + - borgbackup_passphrase is defined + - borgbackup_repo is defined + - borgbackup_hostname is defined - name: borgbackup - Run Borgbackup script at 1:00 daily become: yes cron: @@ -32,26 +34,24 @@ hour: "1" job: "/usr/local/bin/borgbackup.sh" when: - - borgbackup_host is defined - - borgbackup_sub is defined + - borgbackup_passphrase is defined + - borgbackup_repo is defined + - borgbackup_hostname is defined # safeguard, if the host variables were removed -- name: borgbackup - Remove Borgbackup script if no borgbackup config - become: yes - file: - path: /usr/local/bin/borgbackup.sh - state: absent - when: - - borgbackup_host is not defined - - borgbackup_sub is not defined -- name: borgbackup - Remove Cronjob if no borgbackup config - become: yes - cron: - name: "Create Backup" - minute: "0" - hour: "1" - job: "/usr/local/bin/borgbackup.sh" - state: absent - when: - - borgbackup_host is not defined - - borgbackup_sub is not defined +- name: borgbackup - Uninstall + block: + - name: borgbackup - Remove Borgbackup script if no borgbackup config + become: yes + file: + path: /usr/local/bin/borgbackup.sh + state: absent + - name: borgbackup - Remove Cronjob if no borgbackup config + become: yes + cron: + name: "Create Backup" + minute: "0" + hour: "1" + job: "/usr/local/bin/borgbackup.sh" + state: absent + when: (borgbackup_passphrase is not defined) or (borgbackup_repo is not defined) or (borgbackup_hostname is not defined) diff --git a/tasks/caddy-setup.yml b/tasks/caddy-setup.yml index 4176c49..448716c 100644 --- a/tasks/caddy-setup.yml +++ b/tasks/caddy-setup.yml @@ -30,8 +30,8 @@ mode: 0555 - name: caddyserver - Copy Caddy systemd service file become: yes - copy: - src: "{{ role_path }}/files/caddy.service" + template: + src: "{{ role_path }}/templates/caddy.service" dest: /etc/systemd/system/caddy.service owner: root group: root 
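Review bot: The context lines at the top of this hunk install /usr/local/bin/borgbackup.sh with group `{{ ansible_user_id }}` and `mode: 0775`, but after this commit the rendered script carries `borgbackup_passphrase` in clear text, so every local account can read the repository passphrase. The cron task that follows uses `become: yes` with no `user:` key, so the job presumably runs as root while members of that group can rewrite the file it executes. I would install the script with `owner: root`, `group: root` and `mode: 0700`. The same applies to the ddns-hosts.sh template task in tasks/dyndns.yml, which now renders `ddns_passphrase` into a `0775` file. The template task starts above this hunk, so its `owner:` line is not visible here.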
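Review bot: The new uninstall block fires when any of the three new variables is undefined, so a host whose inventory still sets only the old `borgbackup_host` and `borgbackup_sub` has its backup script and cron entry removed on the next run. Backups then stop without any failure or warning. A guard task ahead of the block that fails with a migration message, conditioned on `when: borgbackup_host is defined or borgbackup_sub is defined`, would make the rename visible instead of silent. The block-level `when:` indentation cannot be checked in this collapsed view, so confirm it sits at `block:` level rather than under the last task.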
diff --git a/tasks/caddyserver.yml b/tasks/caddyserver.yml index 0eb40f2..0901cb7 100644 --- a/tasks/caddyserver.yml +++ b/tasks/caddyserver.yml @@ -7,3 +7,4 @@ - name: caddyserver - Setup caddy server include_tasks: "caddy-setup.yml" + when: caddy_email is defined diff --git a/tasks/cronmails.yml b/tasks/cronmails.yml index c460126..b701a4f 100644 --- a/tasks/cronmails.yml +++ b/tasks/cronmails.yml @@ -46,4 +46,4 @@ cron: name: MAILTO env: yes - value: "device-{{ ansible_hostname }}@jtbx.de" + value: "{{ cron_email }}" diff --git a/tasks/dyndns.yml b/tasks/dyndns.yml index f794b43..34d1bca 100644 --- a/tasks/dyndns.yml +++ b/tasks/dyndns.yml @@ -7,18 +7,18 @@ name: curl state: present -- name: dyndns - Copy hosts.jtbx.de dynDNS script +- name: dyndns - Copy dynDNS script become: yes - copy: - src: "{{ role_path }}/files/ddns-hosts.sh" + template: + src: "{{ role_path }}/templates/ddns-hosts.sh" dest: /usr/local/bin/ddns-hosts.sh owner: "{{ ansible_user_id }}" group: "{{ ansible_user_id }}" mode: 0775 -- name: dyndns - Create cronjob for hosts.jtbx.de dynDNS script +- name: "dyndns - Create cronjob for {{ ddns_domain }} dynDNS script" become: yes cron: - name: "hosts.jtbx.de dynDNS" + name: "{{ ddns_domain }} dynDNS" minute: "*/5" hour: "*" job: "/usr/local/bin/ddns-hosts.sh > /dev/null" diff --git a/tasks/telegraf.yml b/tasks/telegraf.yml index fef8d07..b89356e 100644 --- a/tasks/telegraf.yml +++ b/tasks/telegraf.yml @@ -1,7 +1,7 @@ --- # Server/Telegraf: Install and Setup Telegraf Monitoring # Variables: -# - telegraf_snmp_fra80: boolean, enable SNMP monitoring for the fra80 network +# - telegraf_snmp: boolean, enable SNMP monitoring for the fra80 network # - telegraf_docker: boolean, enable docker monitoring - name: telegraf - Install apt-transport-https diff --git a/templates/borgbackup.sh b/templates/borgbackup.sh index d7846b7..b2b2514 100644 --- a/templates/borgbackup.sh +++ b/templates/borgbackup.sh 
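Review bot: `value: "{{ cron_email }}"` in tasks/cronmails.yml has no guard, so the role aborts with an undefined-variable error on any host that does not set `cron_email`. tasks/caddyserver.yml in the same commit handles its mandatory variable with `when: caddy_email is defined`. Adding `when: cron_email is defined` to this task, or an explicit assertion with a readable message, would keep the two consistent. The cron task starts above this hunk.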
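Review bot: Changing the cron entry's `name:` from `hosts.jtbx.de dynDNS` to `"{{ ddns_domain }} dynDNS"` leaves the old entry behind on hosts that were already provisioned, because the cron module identifies entries by name. Those hosts would then run the update script from two crontab lines. A one-off cleanup task with `name: "hosts.jtbx.de dynDNS"` and `state: absent` would cover the migration. The tasks here also have no `when:` guard for `ddns_domain`, `ddns_server_domain` or `ddns_passphrase`, which the README lists as mandatory.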
@@ -4,10 +4,9 @@ # pass -v --stats to show more information # pass --list --filter AME to show all fiels Added Modified or with Error -#export BORG_RSH='ssh -i /home/jannik/.ssh/id_rsa' -export BORG_RSH='ssh -i /home/jannik/.ssh/id_ed25519' -export BORG_PASSPHRASE='borgbackup.{{ borgbackup_host }}@hetznerbx' -export BORG_REPO='ssh://u182062-sub{{ borgbackup_sub }}@u182062.your-storagebox.de:23/./borg' +export BORG_RSH='ssh -i {{ borgbackup_ssh_id }}' +export BORG_PASSPHRASE='{{ borgbackup_passphrase }}' +export BORG_REPO='{{ borgbackup_repo }}' # some helpers and error handling: info() { printf "\n%s %s\n\n" "$( date )" "$*" >&2; } @@ -33,7 +32,7 @@ borg create \ --exclude '/var/lib/lxcfs' \ --exclude '/var/log/*' \ \ - $BORG_REPO::'{{ borgbackup_host }}-{now:%Y%m%d_%H%M}' \ + $BORG_REPO::'{{ borgbackup_hostname }}-{now:%Y%m%d_%H%M}' \ /etc \ /var \ /root \ @@ -44,7 +43,7 @@ backup_exit=$? # Prune old backups: keep 7 daily, 3 weekly and 2 monthly (3 months total) borg prune \ - --prefix '{{ borgbackup_host }}-' \ + --prefix '{{ borgbackup_hostname }}-' \ --keep-daily 7 \ --keep-weekly 3 \ --keep-monthly 2 diff --git a/files/caddy.service b/templates/caddy.service similarity index 88% rename from files/caddy.service rename to templates/caddy.service index b9ec82b..782f787 100644 --- a/files/caddy.service +++ b/templates/caddy.service @@ -12,7 +12,7 @@ Group=www-data Environment=CADDYPATH=/etc/ssl/caddy PIDFile=/run/caddy.pid -ExecStart=/usr/local/bin/caddy -log stdout -agree -email=code@jannikbeyerstedt.de -conf=/etc/caddy/Caddyfile -root=/var/tmp +ExecStart=/usr/local/bin/caddy -log stdout -agree -email={{ caddy_email }} -conf=/etc/caddy/Caddyfile -root=/var/tmp ExecReload=/bin/kill -USR1 $MAINPID KillMode=mixed diff --git a/files/ddns-hosts.sh b/templates/ddns-hosts.sh similarity index 88% rename from files/ddns-hosts.sh rename to templates/ddns-hosts.sh index 8f91c20..15418c0 100644 --- a/files/ddns-hosts.sh +++ b/templates/ddns-hosts.sh 
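Review bot: The three exports wrap the template values in hand-written single quotes, so a passphrase, repo URL or key path containing `'` ends the string early and the rest of the value is parsed as shell in a script that cron runs unattended. Letting the template do the quoting avoids this: `export BORG_PASSPHRASE={{ borgbackup_passphrase | quote }}`, `export BORG_REPO={{ borgbackup_repo | quote }}` and `export BORG_RSH={{ ('ssh -i ' ~ borgbackup_ssh_id) | quote }}`. The same pattern appears in `passwd='{{ ddns_passphrase }}'` in templates/ddns-hosts.sh and in the `'{{ borgbackup_hostname }}-...'` arguments in the later hunks of this file. `$BORG_REPO::` in the second hunk is also expanded unquoted.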
@@ -1,5 +1,5 @@ #!/bin/sh -passwd='dyndnshosts' +passwd='{{ ddns_passphrase }}' hostname=$(hostname | tr '[:upper:]' '[:lower:]') platform='unknown' @@ -31,7 +31,7 @@ else fi # API always returns 200, so check for response payload to begin with {"Success":true, -url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip4addr" +url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip4addr" statuscode=$(curl -s $url) case "$statuscode" in {\"Success\":true*) echo "IPv4 Success" ;; @@ -43,7 +43,7 @@ if [ $ip6addr ]; then echo "Updating IPv6 DNS entry..." # API always returns 200, so check for response payload to begin with {"Success":true, - url="https://dyndns.jtbx.de/update?secret=$passwd&domain=$hostname&addr=$ip6addr" + url="https://{{ ddns_server_domain }}/update?secret=$passwd&domain=$hostname&addr=$ip6addr" statuscode=$(curl -s $url) case "$statuscode" in {\"Success\":true*) echo "IPv6 Success" ;; diff --git a/templates/telegraf.conf b/templates/telegraf.conf index dd3db39..3a84b8b 100644 --- a/templates/telegraf.conf +++ b/templates/telegraf.conf @@ -1,9 +1,9 @@ [agent] - interval = "300s" + interval = "{{ telegraf_interval }}" hostname = "" [[outputs.influxdb]] - urls = ["https://influx.jtbx.de:65086"] + urls = ["{{ telegraf_server_url }}"] database = "servers" skip_database_creation = true @@ -12,8 +12,8 @@ ## Write timeout (for the InfluxDB client), formatted as a string. timeout = "5s" - username = "servers" - password = "Servers-w.influx@home" + username = "{{ telegraf_server_user }}" + password = "{{ telegraf_server_passwd }}" # Read metrics about cpu usage @@ -65,8 +65,8 @@ {% endif %} -{% if telegraf_snmp_fra80|default(false)|bool %} -{% include telegraf_snmp_fra80_file %} +{% if telegraf_snmp|default(false)|bool %} +{% include telegraf_snmp_file %} {% endif %}
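Review bot: The update URL splices `$passwd` into the query string without URL-encoding, and the context line `curl -s $url` expands it unquoted. Now that the secret is operator-chosen, a value containing `&`, `#`, `%` or whitespace is truncated or split, and the request goes out with a different secret than the one configured. Letting curl build the query avoids both problems: `curl -s -G --data-urlencode "secret=$passwd" --data-urlencode "domain=$hostname" --data-urlencode "addr=$ip4addr" "https://{{ ddns_server_domain }}/update"`. The IPv6 hunk below needs the same change with `$ip6addr`. The secret still appears in the process arguments and in the server's request log either way, which is worth a comment in the script.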
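Review bot: `password = "{{ telegraf_server_passwd }}"` places the value unescaped inside a TOML basic string, so a password containing `"` or `\` yields a config that fails to parse or that authenticates with a different string. For ordinary printable values, JSON string escaping matches what TOML expects, so `password = {{ telegraf_server_passwd | to_json }}` would be safer, and likewise for `username` and the `urls` entry. The literal password removed by this hunk, along with the dynDNS and borg secrets removed elsewhere in the patch, remains readable in the repository history. Those credentials should be rotated, and the new variables are best supplied from an encrypted vars file.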